← Back to branch summary

~ubuntu-branches/ubuntu/hardy/gallery2/hardy-security

« back to all changes in this revision

Viewing changes to modules/core/test/phpunit/ItemPermissionsControllerTest.class

  • Committer: Bazaar Package Importer
  • Author(s): Michael C. Schultheiss
  • Date: 2006-04-16 16:42:35 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20060416164235-8uy0u4bfjdxpge2o
Tags: 2.1.1-1
http://bugs.debian.org/362936
http://bugs.debian.org/359000
http://bugs.debian.org/362152
* New upstream release (Closes: #362936)
  + Bugfixes for Postgres7 (Closes: #359000, #362152)

Show diffs side-by-side

added added

removed removed

Lines of Context:
modules/core/test/phpunit/ItemPermissionsControllerTest.class
3
3
 * $RCSfile: ItemPermissionsControllerTest.class,v $
4
4
 *
5
5
 * Gallery - a web based photo album viewer and editor
6
 
 * Copyright (C) 2000-2005 Bharat Mediratta
 
6
 * Copyright (C) 2000-2006 Bharat Mediratta
7
7
 *
8
8
 * This program is free software; you can redistribute it and/or modify
9
9
 * it under the terms of the GNU General Public License as published by
20
20
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
21
21
 */
22
22
/**
23
 
 * @version $Revision: 1.11 $ $Date: 2005/08/23 03:49:33 $
 
23
 * @version $Revision: 1.12 $ $Date: 2006/01/10 04:39:36 $
24
24
 * @package GalleryCore
25
25
 * @subpackage PHPUnit
26
26
 * @author Bharat Mediratta <bharat@menalto.com>
41
41
        parent::setUp();
42
42
 
43
43
        list ($ret, $this->_albumParent) = $this->_createRandomAlbum($this->_getRootId());
44
 
        if ($ret->isError()) {
 
44
        if ($ret) {
45
45
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
46
46
        }
47
47
        $this->_markForCleanup($this->_albumParent);
48
48
 
49
49
        list ($ret, $this->_albumChild) = $this->_createRandomAlbum($this->_albumParent->getId());
50
 
        if ($ret->isError()) {
 
50
        if ($ret) {
51
51
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
52
52
        }
53
53
 
54
54
        list ($ret, $this->_group) = $this->_createRandomGroup();
55
 
        if ($ret->isError()) {
 
55
        if ($ret) {
56
56
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
57
57
        }
58
58
        $this->_markForCleanup($this->_group);
59
59
 
60
60
        list ($ret, $this->_user) = $this->_createRandomUser();
61
 
        if ($ret->isError()) {
 
61
        if ($ret) {
62
62
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
63
63
        }
64
64
        $this->_markForCleanup($this->_user);
84
84
        GalleryDataCache::reset();
85
85
 
86
86
        list ($ret, $this->_albumParent) = $this->_albumParent->refresh();
87
 
        if ($ret->isError()) {
 
87
        if ($ret) {
88
88
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
89
89
        }
90
90
 
112
112
        GalleryDataCache::reset();
113
113
 
114
114
        list ($ret, $this->_albumParent) = $this->_albumParent->refresh();
115
 
        if ($ret->isError()) {
 
115
        if ($ret) {
116
116
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
117
117
        }
118
118
 
119
119
        $this->assertEquals($this->_user->getId(), $this->_albumParent->getOwnerId());
120
120
        list ($ret, $this->_albumChild) = $this->_albumChild->refresh();
121
 
        if ($ret->isError()) {
 
121
        if ($ret) {
122
122
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
123
123
        }
124
124
 
180
180
        $count = 0;
181
181
        list ($ret, $permissions) =
182
182
            GalleryCoreApi::fetchAllPermissionsForItem($this->_albumParent->getId(), false);
183
 
        if ($ret->isError()) {
 
183
        if ($ret) {
184
184
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
185
185
        }
186
186
        foreach ($permissions as $permission) {
187
187
            if ($permission['groupId'] == $this->_group->getId()) {
188
 
                $this->assertEquals(array('userId' => 0,
189
 
                                          'groupId' => $this->_group->getId(),
 
188
                $this->assertEquals(array('groupId' => $this->_group->getId(),
190
189
                                          'permission' => 'core.edit'),
191
190
                                    $permission);
192
191
                $count++;
203
202
         */
204
203
        list ($ret, $differentPermissionChildAlbum) =
205
204
            $this->_createRandomAlbum($this->_albumParent->getId());
206
 
        if ($ret->isError()) {
 
205
        if ($ret) {
207
206
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
208
207
        }
209
208
 
210
209
        $ret = GalleryCoreApi::removeItemPermissions($differentPermissionChildAlbum->getId());
211
 
        if ($ret->isError()) {
 
210
        if ($ret) {
212
211
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
213
212
        }
214
213
 
215
214
        $ret = GalleryCoreApi::addUserPermission(
216
215
            $differentPermissionChildAlbum->getId(), $gallery->getActiveUserId(),
217
216
            'core.changePermissions', false);
218
 
        if ($ret->isError()) {
 
217
        if ($ret) {
219
218
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
220
219
        }
221
220
 
246
245
                as $album) {
247
246
            list ($ret, $permissions) =
248
247
                GalleryCoreApi::fetchAllPermissionsForItem($album->getId(), false);
249
 
            if ($ret->isError()) {
 
248
            if ($ret) {
250
249
                return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
251
250
            }
252
251
            foreach ($permissions as $permission) {
253
 
                if ($permission['groupId'] == $this->_group->getId()) {
254
 
                    $this->assertEquals(array('userId' => 0,
255
 
                                              'groupId' => $this->_group->getId(),
 
252
                if (isset($permission['groupId'])
 
253
                        && $permission['groupId'] == $this->_group->getId()) {
 
254
                    $this->assertEquals(array('groupId' => $this->_group->getId(),
256
255
                                              'permission' => 'core.edit'),
257
256
                                        $permission);
258
257
                    $count++;
319
318
                                                        $this->_group->getId(),
320
319
                                                        'core.edit',
321
320
                                                        false);
322
 
        if ($ret->isError()) {
 
321
        if ($ret) {
323
322
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
324
323
        }
325
324
 
346
345
                                                        $this->_group->getId(),
347
346
                                                        'core.edit',
348
347
                                                        false);
349
 
        if ($ret->isError()) {
 
348
        if ($ret) {
350
349
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
351
350
        }
352
351
 
373
372
        /* Fetch all permissions and compare the ones we care about */
374
373
        list ($ret, $permissions) =
375
374
            GalleryCoreApi::fetchAllPermissionsForItem($this->_albumParent->getId(), false);
376
 
        if ($ret->isError()) {
 
375
        if ($ret) {
377
376
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
378
377
        }
379
378
        foreach ($permissions as $permission) {
380
 
            if ($permission['groupId'] == $this->_group->getId()) {
 
379
            if (isset($permission['groupId']) && $permission['groupId'] == $this->_group->getId()) {
381
380
                $this->assert(false, 'invalid group permission found');
382
381
            }
383
382
        }
387
386
        /* Add a group permission */
388
387
        $ret = GalleryCoreApi::addGroupPermission(
389
388
            $this->_albumParent->getId(), $this->_group->getId(), 'core.edit', true);
390
 
        if ($ret->isError()) {
 
389
        if ($ret) {
391
390
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
392
391
        }
393
392
 
416
415
        foreach (array($this->_albumParent, $this->_albumChild) as $album) {
417
416
            list ($ret, $permissions) =
418
417
                GalleryCoreApi::fetchAllPermissionsForItem($album->getId(), false);
419
 
            if ($ret->isError()) {
 
418
            if ($ret) {
420
419
                return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
421
420
            }
422
421
            foreach ($permissions as $permission) {
423
 
                if ($permission['groupId'] == $this->_group->getId()) {
 
422
                if (isset($permission['groupId'])
 
423
                        && $permission['groupId'] == $this->_group->getId()) {
424
424
                    $this->assert(false, 'invalid group permission found: ' .
425
425
                                  serialize($permission));
426
426
                }
452
452
        $count = 0;
453
453
        list ($ret, $permissions) =
454
454
            GalleryCoreApi::fetchAllPermissionsForItem($this->_albumParent->getId(), false);
455
 
        if ($ret->isError()) {
 
455
        if ($ret) {
456
456
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
457
457
        }
458
458
        foreach ($permissions as $permission) {
459
 
            if ($permission['userId'] == $this->_user->getId()) {
 
459
            if (isset($permission['userId'])
 
460
                    && $permission['userId'] == $this->_user->getId()) {
460
461
                $this->assertEquals(array('userId' => $this->_user->getId(),
461
 
                                          'groupId' => 0,
462
462
                                          'permission' => 'core.edit'),
463
463
                                    $permission);
464
464
                $count++;
475
475
         */
476
476
        list ($ret, $differentPermissionChildAlbum) =
477
477
            $this->_createRandomAlbum($this->_albumParent->getId());
478
 
        if ($ret->isError()) {
 
478
        if ($ret) {
479
479
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
480
480
        }
481
481
 
482
482
        $ret = GalleryCoreApi::removeItemPermissions($differentPermissionChildAlbum->getId());
483
 
        if ($ret->isError()) {
 
483
        if ($ret) {
484
484
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
485
485
        }
486
486
 
487
487
        $ret = GalleryCoreApi::addUserPermission(
488
488
            $differentPermissionChildAlbum->getId(), $gallery->getActiveUserId(),
489
489
            'core.changePermissions', false);
490
 
        if ($ret->isError()) {
 
490
        if ($ret) {
491
491
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
492
492
        }
493
493
 
517
517
                as $album) {
518
518
            list ($ret, $permissions) =
519
519
                GalleryCoreApi::fetchAllPermissionsForItem($album->getId(), false);
520
 
            if ($ret->isError()) {
 
520
            if ($ret) {
521
521
                return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
522
522
            }
523
523
            foreach ($permissions as $permission) {
524
 
                if ($permission['userId'] == $this->_user->getId()) {
 
524
                if (isset($permission['userId'])
 
525
                        && $permission['userId'] == $this->_user->getId()) {
525
526
                    $this->assertEquals(array('userId' => $this->_user->getId(),
526
 
                                              'groupId' => 0,
527
527
                                              'permission' => 'core.edit'),
528
528
                                        $permission);
529
529
                    $count++;
588
588
                                                        $this->_user->getId(),
589
589
                                                        'core.edit',
590
590
                                                        false);
591
 
        if ($ret->isError()) {
 
591
        if ($ret) {
592
592
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
593
593
        }
594
594
 
614
614
                                                        $this->_user->getId(),
615
615
                                                        'core.edit',
616
616
                                                        false);
617
 
        if ($ret->isError()) {
 
617
        if ($ret) {
618
618
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
619
619
        }
620
620
 
641
641
        /* Fetch all permissions and compare the ones we care about */
642
642
        list ($ret, $permissions) =
643
643
            GalleryCoreApi::fetchAllPermissionsForItem($this->_albumParent->getId(), false);
644
 
        if ($ret->isError()) {
 
644
        if ($ret) {
645
645
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
646
646
        }
647
647
        foreach ($permissions as $permission) {
648
 
            if ($permission['userId'] == $this->_user->getId()) {
 
648
            if (isset($permission['userId'])
 
649
                    && $permission['userId'] == $this->_user->getId()) {
649
650
                $this->assert(false, 'invalid user permission found');
650
651
            }
651
652
        }
657
658
                                                        $this->_user->getId(),
658
659
                                                        'core.edit',
659
660
                                                        true);
660
 
        if ($ret->isError()) {
 
661
        if ($ret) {
661
662
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
662
663
        }
663
664
 
686
687
        foreach (array($this->_albumParent, $this->_albumChild) as $album) {
687
688
            list ($ret, $permissions) =
688
689
                GalleryCoreApi::fetchAllPermissionsForItem($album->getId(), false);
689
 
            if ($ret->isError()) {
 
690
            if ($ret) {
690
691
                return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
691
692
            }
692
693
            foreach ($permissions as $permission) {
693
 
                if ($permission['userId'] == $this->_user->getId()) {
 
694
                if (isset($permission['userId'])
 
695
                        && $permission['userId'] == $this->_user->getId()) {
694
696
                    $this->assert(false,
695
697
                                  'invalid user permission found: ' . serialize($permission));
696
698
                }
717
719
 
718
720
        $ret = GalleryCoreApi::addUserPermission(
719
721
            $this->_albumParent->getId(), $this->_user->getId(), 'core.all', false);
720
 
        if ($ret->isError()) {
 
722
        if ($ret) {
721
723
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
722
724
        }
723
725
 
736
738
 
737
739
        $ret = GalleryCoreApi::addUserPermission(
738
740
            $this->_albumParent->getId(), $this->_user->getId(), 'core.all', false);
739
 
        if ($ret->isError()) {
 
741
        if ($ret) {
740
742
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
741
743
        }
742
744
 
759
761
 
760
762
        list ($ret, $canEdit) = GalleryCoreApi::hasItemPermission($this->_albumParent->getId(),
761
763
                                                                  'core.edit');
762
 
        if ($ret->isError()) {
 
764
        if ($ret) {
763
765
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
764
766
        }
765
767
        $this->assert($canEdit, 'user should have core.edit permission');
766
768
        list ($ret, $canChange) = GalleryCoreApi::hasItemPermission($this->_albumParent->getId(),
767
769
                                                                    'core.changePermissions');
768
 
        if ($ret->isError()) {
 
770
        if ($ret) {
769
771
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
770
772
        }
771
773
        $this->assert($canChange, 'user should have core.changePermissios permission');
777
779
        $gallery->setActiveUser($this->_user);
778
780
 
779
781
        $ret = GalleryCoreApi::addUserToGroup($this->_user->getId(), $this->_group->getId());
780
 
        if ($ret->isError()) {
 
782
        if ($ret) {
781
783
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
782
784
        }
783
785
        $ret = GalleryCoreApi::addGroupPermission(
784
786
            $this->_albumParent->getId(), $this->_group->getId(), 'core.all', false);
785
 
        if ($ret->isError()) {
 
787
        if ($ret) {
786
788
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
787
789
        }
788
790
 
805
807
 
806
808
        list ($ret, $permissions) =
807
809
            GalleryCoreApi::fetchAllPermissionsForItem($this->_albumParent->getId(), true);
808
 
        if ($ret->isError()) {
 
810
        if ($ret) {
809
811
            return $this->failWithStatus($ret->wrap(__FILE__, __LINE__));
810
812
        }
811
813
        $foundEdit = $foundChange = false;
812
814
        foreach ($permissions as $permission) {
813
 
            if ($permission['userId'] == $this->_user->getId() &&
814
 
                    $permission['permission'] == 'core.edit') {
815
 
                $foundEdit = true;
816
 
            } else if ($permission['userId'] == $this->_user->getId() &&
817
 
                    $permission['permission'] == 'core.changePermissions') {
818
 
                $foundChange = true;
 
815
            if (isset($permission['userId']) && $permission['userId'] == $this->_user->getId()) {
 
816
                if ($permission['permission'] == 'core.edit') {
 
817
                    $foundEdit = true;
 
818
                } else if ($permission['permission'] == 'core.changePermissions') {
 
819
                    $foundChange = true;
 
820
                }
819
821
            }
820
822
        }
821
823
        $this->assert($foundEdit, 'user should have core.edit permission');